Grocers as Targets for Data Breaches

Computer-savvy criminals are shopping around at grocery stores for more than the fresh produce. According to the following article, U.S. grocers have become a prime target for fraudsters who are regularly pulling off successful data breaches.

Rippleshot, a Chicago-based fraud protection firm, said grocers make up the No. 1 channel for data breaches in terms of the percentage of compromised accounts, according to Progressive Grocer. In 2016, approximately 1,000 cases of data breaches were reported by grocers. This is the highest number recorded since the Identity Theft Resource Center began tracking breaches in 2005.

Data breaches are becoming a serious issue for grocers, with close to 1,000 breaches occurring in the supermarket space alone last year. The biggest threats for grocery retailers are data-at-rest breaches and malware-type breaches. The former concern settlement files that haven’t been sufficiently secured for storage and transmission to an acquirer, while the latter involve an infectious bug being introduced into the store’s software.

Other stores have faced similar — although not as publicized — incidents. A solution that could help is introducing point-to-point encryption technology to the payment process. Security experts say there are a number of strategies that retailers should be taking, and hiring a professional who knows the ins and outs of computer security is a good start.

For large grocers such as Kroger and Wal-Mart, implementing point-to-point encryption or other technology to thwart criminals is a good idea that could protect their businesses and prevent frustrated customers from heading to other retailers. The challenge, of course, is that criminals are moving quickly to get around any fixes put in place. Big stores can pay the higher costs to upgrade their security systems, but for smaller retailers the costs can be prohibitive.

It’s not surprising that grocery stores are vulnerable to data fraudsters. With the high volume of POS lanes, plus thousands of employees and suppliers, there are many opportunities for criminal hackers to access data files or tamper with checkout terminals. Most data breaches are preventable, and often they occur because back-office servers are not sufficiently locked down and/or too many people have access to sensitive data. Other retailers and big box stores are open to a similar fate unless preventative measures are taken, including transaction tokenization and hiring IT security pros to tighten up and monitor all systems that contain any payment information.

Overview by Raymond Pucci, Associate Director, Research Services at Mercator Advisory Group